Research
Notes from the work.
We write up the patterns we keep finding, the architectural decisions that quietly create new bug classes, and what we're learning from running agent-driven discovery at scale. Specifics stay private. Shape is public.
Authorization
Auth Is a Graph
We've been running agents against production APIs for about a year. They do a lot of work that used to take us weeks. There is one thing no model does well yet, and it turns out to be the thing that actually matters.
3 min read
Detection gap
The Bug That Returns 200
There is a class of bug we hunt that no monitoring system you have is going to catch. The server takes the request, mutates state it shouldn't, returns 200 OK, and from inside the application nothing happened. The bug is real. It just isn't anywhere your tooling is looking.
3 min read
Agent security
Prompt Injection Is the Wrong Threat Model
Half of what we do is teaching agents to find security bugs. The other half is finding security bugs in agents. After enough time on both sides, you notice the threat model the industry is being sold for agent products is the wrong one.
3 min read
Reconnaissance
The Client Ships the Server
The most underrated source of information in security research is the client. Every JavaScript app, every mobile binary, every desktop installer ships the protocol it speaks. Most companies treat the client as documentation. We treat it as the server's schema, disclosed in advance.
3 min read
Practice
We Don't Have a Methodology
Boker Labs is an applied AI lab focused on software security. Maybe twice a month, someone asks us what our methodology is. It's the question we get most often and the one we have the least satisfying answer to.
4 min read
Supply chain
Your CI Is Production
This is a warning we have been wanting to put on the record. Most teams treat CI as a build system. CI is not a build system. It is the highest-leverage production system the company runs, and it is defended at roughly the level of an internal Jenkins box from 2014.
4 min read